Business risk comes in a variety of tangible and intangible forms over the course of the business life cycle. Some risks occur during the ordinary course of corporate operations, while others are due to extraordinary circumstances that are not easily identified. Regardless of a company's business model, industry or level of earnings, business risks must be identified as a strategic aspect of business planning.
Once risks are identified, companies take the appropriate steps to manage them to protect their business assets. The most common types of risk management techniques include avoidance, mitigation, transfer, and acceptance.
Avoidance of Risk
The easiest way for a business to manage its identified risk is to avoid it altogether. In its most common form, avoidance takes place when a business refuses to engage in activities known or perceived to carry a risk of any kind. For instance, a business could forgo purchasing a building for a new retail location, as the risk of the venue not generating enough revenue to cover the cost of the building is high.
Similarly, a hospital or small medical practice may avoid performing certain procedures known to carry a high degree of risk to the well-being of patients. Although avoiding risk is a simple method to manage potential threats to a business, the strategy also often results in lost revenue potential.
Businesses can also choose to manage risk through mitigation or reduction. Mitigating business risk is meant to lessen any negative consequence or impact of specific, known risks, and is most often used when those risks are unavoidable. For example, an automaker mitigates the risk of recalling a certain model by performing research and detailed analysis of the potential costs of such a recall. If the capital required to pay buyers for losses incurred through a faulty vehicle is less than the total cost of the recall, the automaker may choose to not issue a recall.
Similarly, software companies mitigate the risk of a new program not functioning correctly by releasing the product in stages. The risk of capital waste can be reduced through this type of strategy, but a degree of risk remains.
Transfer of Risk
In some instances, businesses choose to transfer risk away from the organization. Risk transfer typically takes place by paying a premium to an insurance company in exchange for protection against substantial financial loss. For example, property insurance can be used to protect a company from the costs incurred when a building or other facility is damaged. Similarly, professionals in the financial services industry can purchase errors and omissions insurance to protect them from lawsuits brought by customers or clients claiming they received poor or erroneous advice.
Risk management can also be implemented through the acceptance of risk. Companies retain a certain level of risk brought on by specific projects or expansion if the anticipated profit generated from the activity is far greater than its potential risk. For example, pharmaceutical companies often utilize risk retention or acceptance when developing a new drug. The cost of research and development does not outweigh the potential for revenue generated from the sale of the new drug, so the risk is deemed acceptable. (For related reading, see "5 Basic Methods for Risk Management")